Going back to basics: Higher education internal audit challenges, risks and strategies

Publication Date: November 15, 2024

A video series brought to you by Baker Tilly

Higher education institutions face myriad risks where an internal audit or advisory review would be beneficial (or necessary) to assess risk levels and drive action to mitigate risks on campus. Baker Tilly’s higher education risk advisory specialists have created a series of short internal audit videos focused on eight “back to basics” topics. This video series, which will continue through calendar year 2024, presents key challenges crucial to the higher education industry along with actionable strategies to assess and manage risk. The topics were selected based on recent audits and client inquiries and include: procurement, student accounts and financial aid, gifts and advancement, data analytics, human resources (HR) and payroll, cybersecurity and information technology (IT), construction risk management, and grants and sponsored research.

Episode 1: Procurement risks and controls

Before diving into specific topics, this video offers a comprehensive internal controls overview, walking through the five key components of internal controls and how risk is defined and measured in relation to achieving an institution’s mission and strategic objectives. It then identifies the top procurement risks in higher education and emphasizes the importance of establishing a strong control structure in this space. The discussion examines the risks posed by the decentralized nature of procurement in higher education, along with strategies to mitigate these risks. Additionally, the video explores challenges in contract management, the role of procurement cards (P-cards) and their associated risks and the application of segregation of duties to prevent fraud and misuse in procurement processes.

Episode 2: Student accounts and financial aid

This video discusses the critical role of student accounts in higher education institutions and the complexities of managing the associated functions and offices. It emphasizes the significance of auditing student accounts, offering insights and considerations for institutions conducting these audits. Risk specialists share an overview of the student account function and key risks, as well as potential audit objectives, approaches and outcomes.

Episode 3: Gifts and advancement

The third video in the series dives deep into the five stages of the gift management lifecycle. It highlights the importance of due diligence, legal compliance and managing reputational risks. The video covers key risks related to gift management, including the misuse and handling of donor funds, and offers best practices for managing and advancing gift strategies. It also addresses the implications of accepting restricted or controversial gifts and provides insights into IRS requirements for gift receipts and acknowledgment letters.

Episode 4: Data analytics: questions, challenges and the analysis process

In this video, Baker Tilly’s risk advisor outlines the five essential steps for a successful data analytics process, including the types and sources of data to consider, key questions to address and common challenges along with strategies to overcome them. The video emphasizes the importance of working with reliable data, applying leading practices for data quality and following an effective analysis process. It answers three crucial questions: What should institutions ask before starting data analysis? What challenges are common in higher education data analytics? And what types of data should be included in the analysis?

Episode 5: Navigating human resources and payroll compliance

In the human resources (HR) and payroll video, we explore key functional areas for internal audit to review, highlighting universal pitfalls and risks, along with critical aspects of HR compliance. Baker Tilly’s HR and risk advisory specialists provide key questions for consideration to help ensure your institution is prepared to address common obstacles. Additionally, we delve into specific examples, including multistate payroll obligations, employment eligibility verification and recruiting and hiring employees, and share how these may apply to your institution.

Episode 6: Cybersecurity and IT risks

Our cybersecurity focused video outlines information technology (IT) challenges and risks in the higher education environment and how the widely recognized National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) can effectively guide your institution’s audit process, underscoring the critical importance of adhering to established standards and leading practices. We also discuss the Three Lines of Defense model, offering practical audit examples to demonstrate how IT audits can significantly strengthen your college or university’s security posture.

Episode 7: Construction risk management – coming November 2024

The construction risk episode will examine how capital projects on campus can deliver substantial value to any institution, yet present considerable risks. Conducting a construction audit not only promotes transparency but also fosters collaboration between internal audit, senior leadership and project management teams. This collaborative approach strengthens controls, enhances accountability, mitigates risks and improves financial oversight.

Episode 8: Grants and sponsored research – coming December 2024

In this video to wrap up the higher education internal audit series, we will examine the crucial role that internal audits serve to ensure compliance with grant requirements and the effective management of sponsored research funds. We will also cover compliance topics related to Uniform Guidance issues, including cost principles, effort reporting, procurement, cash management, indirect costs and fringe benefit rates.

For more information, or to learn how Baker Tilly can help your higher education institution, contact our team.Subscribe here to Baker Tilly’s higher education mailing list so you don’t miss any new episodes or the latest insights on industry trends and topics.